Описание
Broken access control for user creation in Pydio Cells 2.2.9 allows remote anonymous users to create standard users via the profile parameter. (In addition, such users can be granted several admin permissions via the Roles parameter.)
Ссылки
- Third Party Advisory
- Release NotesThird Party Advisory
- ProductVendor Advisory
- Third Party Advisory
- Release NotesThird Party Advisory
- ProductVendor Advisory
Уязвимые конфигурации
Конфигурация 1
Одно из
cpe:2.3:a:pydio:cells:2.2.9:*:*:*:-:*:*:*
cpe:2.3:a:pydio:cells:2.2.9:*:*:*:enterprise:*:*:*
EPSS
Процентиль: 43%
0.00209
Низкий
6.5 Medium
CVSS3
4 Medium
CVSS2
Дефекты
NVD-CWE-Other
Связанные уязвимости
CVSS3: 6.5
github
больше 3 лет назад
Broken access control for user creation in Pydio Cells 2.2.9 allows remote anonymous users to create standard users via the profile parameter. (In addition, such users can be granted several admin permissions via the Roles parameter.)
EPSS
Процентиль: 43%
0.00209
Низкий
6.5 Medium
CVSS3
4 Medium
CVSS2
Дефекты
NVD-CWE-Other